Posted
by
BeauHDon Thursday August 18, 2016 @06:00PM
from the decisions-decisions dept.

blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage. Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider." "First, the incident will be investigated by the National Security Agency as it tracks down exactly what went so wrong that top-secret offensive code and exploits ended up stolen and published for the world to see," reports Daily Dot. "An FBI counterintelligence investigation will likely follow, according to experts with knowledge of the process. [...] Following the investigation, the NSA and other entities within the United States government will have to decide on a response." The response will depend on a lot of things, such as whether or not an insider at the NSA is responsible for the breach -- a theory that is backed by a former NSA staffer and other experts. "The process is called an IGL: Intelligence Gain/Loss," reports Daily Dot. "Authorities suss out a pro and con list for various reactions, including directly and publicly blaming another country. [Chris Finan, a former director of cybersecurity legislation in the Obama administration and now CEO of the security firm Manifold Technology, said:] 'Some people think about responding in kind: A U.S. cyberattack. Doing that gives up the asymmetric response advantage you have in cyberspace.' Finan urged authorities to look at all tools, including economic sanctions against individuals, companies, groups, governments, or diplomatic constraints, to send a message through money rather than possibly burning a cyberwar advantage. Exactly if and how the U.S. responds to the Shadow Brokers incident will depend on the source of the attack. Attribution in cyberwar is tricky or even impossible much of the time. It quickly becomes a highly politicized process ripe with anonymous sources and little solid fact."

The NSA have the money, the soldiers and all forms of resources though.

They do?

I realize the US government controls a large amount of money, for fairly obvious reasons, but it's also infamous for government jobs not paying very well compared to private-sector jobs. This has been a big problem for some time now with the government unable to effectively recruit and retain tech workers. The main draw of a government job is stability, not pay, so this results in the government having a lot of not-so-competent

They will conduct a witch hunt in public, of course. Their response will be in public, of course. The blame will be covered well by the media, the retaliation made public. Not to set an example. No. The real reason all of this will be done in public is because it keeps the media (and everyone the media then manipulate into accepting that the important things are whatever the media spins in our "culture of outrage") focused on the wrong thing.

Keeping the conversation on the leaker, and not what is being leaked, is the only way for them to perpetuate their continued violation of law, their intelligence systems functional, funded, and their ability to persecute whomever they want, for whatever they want, liberty be damned.

What we should be talking about is: How can they sit by in good conscience, and exploit the mistakes of the very industry that boosts the economy of the 21st century? How can they leave us exposed? How do they expect other governments (of countries more populated than we are) to not have the same skill set to discover these flaws? Where is our protection?

The intelligence community has clearly lost track of its real mandate. It needs to be disassembled and rebuilt from the ground up. J Edgar's legacy is alive and well, and it is a pox on our house. Focus on that, and thank the leakers, whomever they are for pressing this issue with the American people.

Our Intelligence Agencies need to be split between attack and defense, so that every time we get hacked we know who to blame. Let the CIA take care of all offense and spying stuff, with the NSA devoted to keeping America safe. Big question: will they (now) help patch the holes in our security? That would neutralize the weapons their poor security dumped into the hands of America's enemies.

1) there will be a witch hunt.The nsa will investigate its own employees against its already existing psych profile sheets to see who is the most likely to have been motivated to steal the data. Then they will set up an internal emtrapment scenario to catch the leaker red handed. They will then be charged with federal espionage, and put into prison.

2) the same investigation will sift out accomplices and contacts. The trap will not be sprung until positive id has been made on all members of the cell.

3) the nsa will not directly move against the other members of the cell. Instead it will monitor, and selectively leak false intel to this cell, making it ineffectual, or worse, countereffectual to the foriegn government operating it.

4) if deemed useful to do so, the cell will be infiltrated with a new "insider", who will actually be collecting and analyzing the cells instructions to better predict and respond to the foriegn power's activities.

Everywhere you look something on your computer or website is trying to hijack you. The spies need to fuck off and die. They pretend they are your solution but can you count the debt of your country? Do you feel like they used your money to help you?

Do you see anybody in burka's trying to kill you or spy on you? No. There is no ISIS neighborhood just FBI and CIA NSA lies.

Note in citizen 4, the first phase of the nsa's activity against Snowden was in sussing out his aberrent behavior, and surveiling his girlfriend, family, and Hawaii place of residence. This is what happens in phase 1) of my short list. A list of persons of interest is produced using psych details, and active monitoring starts. Connections maps are created. Points of surveillance are established, and monitoring priority increases. Phase one ideally (for the nsa) ends with apprehension of their leak, but the process does not end there.

After sussing out the entry point of the leaker, the companion network is either dismantled, or subtly repurposed for cointel.False intel is fed to the group. If the false intel causes the foriegn agency to suspect compromise, it sends the message to that foriegn agency that their action was detected, and that thier methods are not valid any longer. If the foriegn agency fails to change the operational behavior of the cell, then it may become beneficial to plant a double agent. This double agent can then cause the foriegn power to change its policies or public activities, through contaminated or misleading intelligence, created specifically for this purpose.

That they can conduct such a profoundly invasive phase one investigation using literally any internet connected, or broadcast capable device, along with your financial data, and the information about you provided by your so called friends on social media, is the primary thrust behind snowden's leaks. What the NSA will do, and why they will do it is not going to change. The leaks from snowden concerned the how and the what.

Sorry for my sloth but....am I correct in understanding that the NSA knew about security holes in important aspects of our cyber infrastructure, and rather than report them so they could be fixed, they sat on them so they could use them "to protect us"?

They knowing left these holes open, with no idea (nor any way of knowing) whether or not any criminals were exploiting these holes already, to our detriment?

I'd say they aren't just failing to do their job, they are knowingly doing the opposite of their job. Their conscious inaction put at-risk those they are supposed to protect, is therefore unethical, and constitutes an enormous breach of trust given their position of authority.

They should all burn. I don't give a shit who spilled the beans, I want the decision-makers at the top to be thrown in jail for this.

From ths perspective of people who like to watch, as the nsa does, telling the landlord about where all the best places to peep so they can be fixed, is counter intuitive.

That the same building techniques are used in thier own house, and that other people who like to watch can peep on them through them, is not seriously considered.

Instead, only the loss of really good ways to peep is what is considered. If the method of peeping is likely to be discovered, or the architecture behind the means of peeping changes such that the approach becomes less valuable, the peeping Tom may delude himself into thinking that he is doing a service to society and the landlord by pointing out how that peeping may happen. (See for instance, methods used to remotely observe what is displayed on a crt monitor by monitoring the em spectrum for telltale radio artifacts-- who uses crts these days?)

The nsa is sick, and likes to watch. The very idea that they would feel they should stopper up the holes they look through, or alert people that they are looking at them through them, is counter to their fetish. The very idea is absurd to them. Only somebody that sees by accident, and is disgusted by having seen, has motive to see to it that no such seeing ever happens again, apart of course, from somebody catching somebody peeping on them, and discovering the hole that way.

From the perspective of the nsa, if they have eno ugh places to peep through, you can putty up holes all day, and they can wack off to watching you do it. Telling you where all the holes are stops that from happening. They want to watch you. Not keep you safe from being peeped on.

am I correct in understanding that the NSA knew about security holes in important aspects of our cyber infrastructure, and rather than report them so they could be fixed, they sat on them so they could use them "to protect us"?

Yes. This is a big problem with the NSA and GCHQ, which have the dual missions of securing infrastructure and compromising enemy infrastructure. These missions come into direct conflict when the core of your and your enemy's infrastructure rely on the same components. Germany separates the two missions into separate institutions.

The same thing came up when Heartbleed was discovered. There were basically two options:

The NSA had not found the vulnerability, in which case they were seriously failing in both missions as they'd either failed to notice that OpenSSL is core infrastructure (for the USA and for other countries) or they had failed to fuzz the protocol properly (part of the embarrassment about Heartbleed was that proper testing would have found it years ago). If this is the case, they are incompetent because there was evidence that the vulnerability had been exploited in the wild before the official disclosure.

The NSA had found the vulnerability but had decided that being able to attack SSL connections was worth the cost of leaving all financial and a lot of secure government communications vulnerable to foreign intelligence and criminal organisations. If this is the case, then they are incompetent at risk analysis and should not be permitted to engage in risky behaviour.

There is no interpretation of events that makes them appear competent.

Sorry for my sloth but....am I correct in understanding that the NSA knew about security holes in important aspects of our cyber infrastructure, and rather than report them so they could be fixed, they sat on them so they could use them "to protect us"?

Considering how much of the global gov/economy mimics the US in terms of software/hardware used, it's not just the U.S. that is vulnerable to these exploits. Just sayin'.

They knowing left these holes open, with no idea (nor any way of knowing) whether or not any criminals were exploiting these holes already, to our detriment?

What? And help our adversaries protect their low-hanging fruit?

I'd say they aren't just failing to do their job, they are knowingly doing the opposite of their job. Their conscious inaction put at-risk those they are supposed to protect, is therefore unethical, and constitutes an enormous breach of trust given their position of authority.

Here you have a good point. There's this concept of organizational charters for the government. It's the CIA's job to look outside our borders, the FBI's to enforce federal laws within our borders, and the

They should all burn. I don't give a shit who spilled the beans, I want the decision-makers at the top to be thrown in jail for this.

Alas we have already reached the point where despite being caught in lies and multiple smoking guns government itself now openly admits that the connected are above the law and that "no reasonable prosecutor would bring such a case". So while I agree that they should hang for treason it won't happen. They can do whatever they want and can do it more openly and brazenly than ever before.

Govt openly admits to reality! News at 11!As Douglas Adams said, "People are a problem".Sadly, this is the way humans do things.Revolutionaries allatime kicking the old bosses out."Meet the new boss, same as the old boss"./endofmorningrambletimeforcoffee

You are assuming that this was an insider. If that assumption is false then your #1 is really a witch hunt (as you designated it, though given the rest of your comment I doubt you understand what the term means).

"Really, this is not hard."

Great, thanks for your confidence. You mention Edward Snowden in a comment below to justify this fantasy. An important difference is that in that case they *knew* who had done it. You conveniently overlook the difficulty in conducting this kind of investigation.

It was 3 years ago. Importance of this detail is this: in pre-Snowden era NSA did not have access logs or other internal audit tools. Those were considered risk to security of operations. My speculation is that this is why the data dump is so old - to maximally complicate forensic team's job.

Not one of the steps involves questioning whether the NSA should be sitting on these 0-day exploits for their own use for years and leaving their own citizens and companies vulnerable to attack, rather than notifying the owners of the code and getting them patched.

First order of business is finding out who let the cat out of the bag and getting retribution.

The first step is patience, let the tools spread and behind a wave of script kiddie attacks, the NSA launches a global back door offensive, trying to stick in as many back doors as possible behind a wave of script kiddie attacks, some of which will be prosecuted as cover. A stolen idea back from when crackers (before main stream media renamed them hackers), distributed their software to provide cover for their activities and have the heat taken off when those script kiddies get busted. Kind of odd making t

The shadow broker leak is pretty boring. Just a bunch of exploit tools for publicly unknown zero days (Yeah sort of redundant but you get what I mean)

No back doors, no secret keys, no yet unheard of techniques or technologies. Just zero days exploits for popular commercial systems.

Even the fact that most are security appliances really isn't shocking. Such things promote a false sense of security and users trust them far too much, leading to an easy attack surfaced. - It just reinforces what we've known for

If the NSA, CIA and FBI would actually use their powers for good and share the information they find to make our systems more fortified we'd be much better off than letting these exploits continue. They sure as fuck are not plugging the holes in their systems or other government systems, they just exploit them. They let our financial industry run around with the same exploits they know about and they are dumb as fuck to think that someone else China, Russia, you name it, are not also discovering these exp

Part of me wonders if this leak is somehow related to Snowden's mysterious messages a couple weeks ago. I can't find mention of Shadow Brokers on Google before this hack. (Granted, they may have wanted to remain hidden.) Did the Shadow Brokers exist before this hack? Did they adopt a new name because of the scale?

That fits with the way people in large bureaucracy act when they feel they can only talk to the press. Given the US press is still constitutionally protected at least the wider public can have the "collect it all" domestic spying conversation that an internal bureaucracy never will.
The NSA will try and counter any more walk outs with more automation of the product lines to other agencies. Wider issues of more human security is then the final customers responsibility not with collection.
More of the buddy

If they make a master key to unlock backdoors into everyones houses, and someone copies that key, now everyone can be robbed. This is why we don't have backdoors all unlockable with a master key. Maybe they shoukd have thought of fixing vulnerabilities instead of building a master key to backdoor into people's computers.

This release would be very interesting if it broke new ground -- finding a computationally-easy way to break commonly used encryption, or a smoking gun universal back door built into OSes or network gear. From what I've read this is just previously undisclosed, easy to implement and potentially dangerous flaws in network equipment firmware.

Here's an interesting question from someone not in the security field -- is this basically what hacking groups do? Are they just collecting a huge inventory of bugs by co

Maybe they are just trying to work out escape sequences for the Snowden character.

He was the hero who showed the U.S. how it is violating itself with unconstitutional behavior. Then, once it reaches the epic peak, they will pin him as 'the shadow' broker, or whatever name they come up with, later on, if this attempt fails...

When this happens the force for those who stand with him and his principles will be pitted against the force of people who at best vaguely understood him as either hero or villian

This seems to be clearly part of a larger campaign against the US. Whether true or not, I think that many of the smaller countries and even some of the larger ones feel that America has been the unchecked bully for far too long. Continuously chastising others while performing those same actions. Do as I say, not as I do.I can imagine that these players are working in concert to destabilize America with attacks designed to make the average American lose trust in the government and lose faith in the entire po

Yes, we need a foreign enemy to fear and blame, and thankfully our media will helpfully focus on that rather than the contents of the message. People need to go on believing that the country is fair and just and a force for good in the world, and that it hasn't been hijacked to be the enforcer for rich plutocrats. There needs to be the illusion of choice, since it is better to think of oneself as a citizen rather than merely a subject.